Sentor
Startsidan Säkerhet 24/7 Konsulttjänster Om Sentor Kontakt
Sentor MSS AB
Hovslagargatan 5B
111 48 Stockholm

Telefon:  08-545 333 00
Fax:08-545 333 99
E-post: info@sentor.se


In English

Security is a business issue

2005-05-19

The e-gaming business was thoroughly shaken by waves of online criminal attacks last year, inflicting serious damage in the forms of revenue lost and a severe loss in customer confidence.

An investigation shows us that very few of the e-gaming companies had sufficient protection even though the hacker threat is well known and could very well be fatal to their businesses. In smaller and fast growing companies, IT-security decisions are often taken lightly, without any consideration put into the consequences of a security breach.

Most companies in the e-gaming business are virtually banks, holding hundreds of millions of their customer.s money, with a security level far below bank standard. It is easy to understand why this situation inspires serious criminal activity.

Your business is at risk

At the present there are undeniable signs of serious on-line criminal activity. One of the more obvious examples of this is the DDoS-attacks that have been plaguing on line businesses. The DDoS-attack is the internet interpretation of old fashioned racketeering, stemming from the late nineties. Criminals blackmail online companies with the threat of disabling their sites with massive traffic floods if they don.t get their protection money.

Another example is the phishing scams which have hit on-line banks hard and the gaming industry to some extent. Both of the examples are very .hard-to-deny. types of attacks, it's quite obvious that you have become a victim, but the really serious attacks will be kept as quiet as possible.

If someone was to breach the security of an on-line business (and yes, this happens all the time) one of the major issues is to try to keep customer confidence which means keeping the customers from finding out. It would even provide an attacker with new means to extort a company, simply threatening to go public with the fact that he had compromised the company's systems. From time to time examples surface, for example in February this year a Hungarian youngster was convicted for breaking into Sony Ericsson.s network, stealing the mobile phone source code. He was caught trying to sell the code on the Internet.

Defending your company

The presence of these threats described brings us to the crucial question. Since security is obviously a corporate life-and-death-matter: How does one defend oneself from these malicious attacks?

Firstly you must come to terms with the fact that there will always be vulnerabilities in your system. If you can get out on the internet, you can be sure that devoted hackers will find a way into your system. What you can do is to minimize your vulnerability to attacks.

The first step you should take is to install an intrusion detection system (IDS) and/or an intrusion prevention system (IPS), and make sure that these are monitored around the clock. This may seem a bit unorthodox. Isn.t the alarm system the last thing you install when dealing with security matters?

Let.s draw an analogy to the real world. Imagine you are the guardian of a huge pile of gold of Fort Knoxian quantity. Would you first build a high security vault for your gold, leaving it unguarded at night, or would you have guards watch over it around the clock, while you.re building the shelter? The answer is simple. You can.t leave your business unprotected at any time. In the digital world, as mentioned before, there are no unbreakable systems, so accordingly you will never quite finish your vault and your pile of gold will lie unguarded forever.

Proactive security

Proactive security is the next natural step in defending your business. Here follows examples of the questions put forward by the subject of proactive security:

Do you think you have a solid security system for your network? Good. Has it been thoroughly tested by experienced technicians? If you already have a security system in place, the need for regular testing is vital. You should forego the criminals by letting experts try and break into your network, so that they may mend any security lapses found.

Has your network undergone system hardening? Setting up a network with default security settings is like inviting hackers to wreak havoc upon your online business. System hardening means configuring your system for highest possible security.

Are all your systems upgraded with the latest security patches? It is very important that even older machines and systems get all available upgrades, since a common way into a network is through older systems which don.t receive patches.

Though one may become disillusioned by the overwhelming threat of online crime, it is important not to loose faith in ones ability to defend oneself. With the help of experienced security consultants it is always possible to create a system both highly user-friendly and highly protected from attacks.

Security checklist:

  • Your business is running 24/7. Do you monitor your security 24/7?
  • Do you have the capability to detect intrusion?
    • Have you tested it?
  • Do you have routines and processes in place to handle intrusions and other malicious incidents such as DDoS-attacks?
    • Have you tested them?
  • Do you regularly perform penetration tests?
    • Do they cover your applications in-depth?
    • Are they run both externally and internally?
  • Has your system undergone system hardening?
  • Are all machines patched against the latest security threats?

Gå upp
© Sentor 2011